Why Security Questions Aren’t Very Secure

While stolen email addresses may be less damaging than a stolen credit card number, email addresses do introduce risk because they offer an entry into other accounts of the email owner. In addition, social engineering scams like phishing often start with an email that dupes the recipient into clicking on a malicious link.

Here’s why relying on security questions to protect your account is not a good idea: the bad guy can likely find the answers by searching online or viewing social media. Your mother’s maiden name or the name of your high school are not particularly secret. (You may even be freely sharing these answers with a chatty person next to you on a flight.) If you have to answer security questions upon account setup, consider establishing a series of fake answers that only you know. A more secure option is to use multi-factor authentication as much as possible. Many online services offer this authentication option.

For organizations, having to fall back on outdated advice to customers about changing passwords or selecting new security questions is a reactive approach. If breaches are a matter of ‘when’, not ‘if’, organizations should strengthen their methods for online authentication. There are more secure options to manage access, such as multi-factor authentication, dynamic knowledge-based authentication, and behavioral biometric characteristics. Even an option for the user to create his own security questions (with answers that are more private) is a better solution.

Marianna Noll is a Maryland-based writer with an interest in the impact that technology has on organizations and users. She writes about software, user adoption and engagement with software, and IT security.
